CVE-2024-12767

The CVE concerns the buddyboss-platform WordPress plugin prior to 2.7.60. Affected: buddyboss-platform

CVE-2024-0249 Advanced Schedule Posts <= 2.1.8 - Reflected XSS

The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins...

CVE-2024-0249 Advanced Schedule Posts <= 2.1.8 - Reflected XSS

The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins...

CVE-2024-10639

Summary. CVE-2024-10639 concerns the WordPress plugin Auto Prune Posts (pre-3.0.0). Multiple connected sources confirm the root cause: the plugin does not adequately sanitize and escape certain settings, enabling a Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is dis...

CVE-2024-10639 Auto Prune Posts < 3.0.0- Admin+ Stored XSS

The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-10639 Auto Prune Posts < 3.0.0- Admin+ Stored XSS

The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-4609

creationtimestamp| type| source ---|---|--- 2025-05-15 10:48:39+00:00| exploited| https://t.me/itsecnews/5885 2025-05-15 19:50:59+00:00| seen| https://bsky.app/profile/cti-news.bsky.social/post/3lpaby2mjrc2v 2025-05-15 20:01:35+00:00| seen|...

WordPress plugin Advanced Schedule Posts 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in WordPre...

PT-2025-21442 · WordPress · Buddyboss Platform

Name of the Vulnerable Software and Affected Versions: buddyboss-platform versions prior to 2.7.60 Description: The issue is related to improper access controls in the buddyboss-platform WordPress plugin, allowing a logged-in user to view comments on private posts. Recommendations: For versions...

PT-2025-21408 · WordPress · Auto Prune Posts

Name of the Vulnerable Software and Affected Versions: Auto Prune Posts WordPress plugin versions prior to 3.0.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised an...

CVE-2025-0020

creationtimestamp| type| source ---|---|--- 2025-05-14 08:31:22+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16294 2025-05-14 09:17:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lp4o4q5plv2p 2025-05-14 09:19:53+00:00| seen|...

CVE-2025-4520

creationtimestamp| type| source ---|---|--- 2025-05-14 05:56:06+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp4ctsa27uc2 2025-05-14 06:07:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lp4dip5uvv2h...

CVE-2025-46721

creationtimestamp| type| source ---|---|--- 2025-05-13 16:48:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lp2wstuioc2o 2025-05-13 16:50:09+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2vsdeta7r2 2025-05-13...

CVE-2025-30400

creationtimestamp| type| source ---|---|--- 2025-05-13 16:27:02+00:00| seen| https://www.thezdi.com/blog/2025/5/13/the-may-2025-security-update-review 2025-05-13 17:19:20+00:00| seen| https://cyberplace.social/users/GossiTheDog/statuses/114501662977985052 2025-05-13 17:34:18+00:00| seen|...

CVE-2025-40575

creationtimestamp| type| source ---|---|--- 2025-05-13 10:30:23+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16100 2025-05-13 10:48:35+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2cn4amk542 2025-05-13 10:52:42+00:00| seen|...

CVE-2025-40577

creationtimestamp| type| source ---|---|--- 2025-05-13 10:30:21+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16098 2025-05-13 10:48:12+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2cmzo5rjk2 2025-05-13 10:52:38+00:00| seen|...

CVE-2025-40580

creationtimestamp| type| source ---|---|--- 2025-05-13 10:30:18+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16095 2025-05-13 10:48:13+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2cn24xtt42 2025-05-13 10:52:39+00:00| seen|...

CVE-2025-40582

creationtimestamp| type| source ---|---|--- 2025-05-13 10:30:16+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16093 2025-05-13 10:48:12+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2cmzdsie42 2025-05-13 10:52:43+00:00| seen|...

CVE-2025-40583

creationtimestamp| type| source ---|---|--- 2025-05-13 10:30:15+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16092 2025-05-13 10:48:11+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2cmyg4m742 2025-05-13 10:52:44+00:00| seen|...

CVE-2025-4513

creationtimestamp| type| source ---|---|--- 2025-05-10 20:27:10+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15910 2025-05-10 20:37:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lotsaqrykl2p 2025-05-10 21:42:04+00:00| seen|...